Additional Recommendations for New Servers - Arch Linux

Difficulty: 1
Time: 10 minutes

After you’ve set up your server, there are a few other steps we recommend to make sure your server is secure and works like you’d expect.

These steps are optional, but they’re the kind of things that seasoned admins always take care of.

Set up a basic firewall

A firewall protects your server from malicious traffic that can lead to security issues, or to degraded performance from floods of traffic such as DDoS attacks.

Install UFW firewall

  • Install the UFW firewall:
    sudo pacman -Syu ufw

Create firewall rules

Define exceptions to your firewall policy so that you can activate your firewall.

  1. Create an exception so you can connect to your server through SSH:
    sudo ufw allow 22/tcp

    If you've changed your default SSH port, replace 22 with your port number.

  2. Open any of the following ports based on what services you need:
    You want to enable...              Run this command
    Web server (HTTP) traffic          sudo ufw allow 80/tcp
    Web server & SSL (HTTPS) traffic   sudo ufw allow 443/tcp
    Outgoing email (SMTP)              sudo ufw allow 25/tcp
  3. Review your exceptions:
    sudo ufw show added

The ufw show added command lists your configured firewall rules in human-readable format, even when your firewall is inactive.

Enable the firewall

  1. If the ufw show added command lists all the rules you want, enable your firewall:
    sudo ufw enable
  2. At the prompt, enter y to continue. This entry applies your exceptions, blocks all other traffic, and configures your firewall to start automatically at startup.

If you configure additional services later, make sure to open their respective ports.
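
The review-then-enable steps above can be scripted so the firewall is only enabled when the port sshd actually listens on has an allow rule. This is an added example, not part of the original article; the script name ufw-safe-enable.sh, the SSHD_CONFIG override and the function names are hypothetical, and the sample rules and config are constructed.

```sh
#!/bin/sh
# Added example (not from the original article): enable UFW only when every
# port sshd listens on already has an allow rule, to avoid an SSH lockout.

# Read sshd_config text on stdin and print each top-level Port value.
# sshd listens on 22 when no Port directive is set. Assumption: Include files,
# Match blocks and ports given via ListenAddress are not followed.
ssh_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# $1 = output of `ufw show added`, $2 = space-separated port list.
# Prints every port with no "ufw allow|limit PORT" or "PORT/tcp" rule.
# Rules added by application name are not recognised and count as missing.
missing_ssh_rules() {
    for port in $2; do
        printf '%s\n' "$1" | grep -Eq "^ufw (allow|limit) ${port}(/tcp)?\$" \
            || printf '%s\n' "$port"
    done
}

case "${1:-demo}" in
--apply)    # run as root: sudo sh ufw-safe-enable.sh --apply
    ports=$(ssh_ports < "${SSHD_CONFIG:-/etc/ssh/sshd_config}")
    missing=$(missing_ssh_rules "$(ufw show added)" "$ports")
    if [ -n "$missing" ]; then
        echo "No allow rule for SSH port(s): $missing. Not enabling." >&2
        exit 1
    fi
    ufw --force enable    # --force skips the y/n confirmation prompt
    ;;
demo)
    # Constructed sample: sshd moved to 2222 but only 22 was allowed.
    rules="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 443/tcp"
    cfg_ports=$(printf 'Port 2222\n' | ssh_ports)
    echo "demo: missing rule for port(s): $(missing_ssh_rules "$rules" "$cfg_ports")"
    ;;
esac
```

Run without arguments, the script only evaluates the constructed sample; with --apply it reads the live sshd_config and ufw rules and enables the firewall only if the check passes.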

Synchronize Network Time Protocol

When systems with out-of-sync clocks communicate with each other, switching between them can cause the time to appear to jump back and forth. This can cause undesirable effects such as incorrect timestamps on emails or logs.

Fortunately, you can solve this problem simply by using Network Time Protocol (NTP) synchronization.

Configure Time Zones

  1. List the available time zones:
    sudo timedatectl list-timezones
  2. In the resulting (long) list, find your server's region and include it in your command:
    sudo timedatectl set-timezone your region/geographic area
    For example, if you live in Los Angeles:
    sudo timedatectl set-timezone America/Los_Angeles
    Your system updates to your selected timezone.
  3. Optionally, confirm the timezone:
    sudo timedatectl

Configure NTP synchronization

Next, configure your Network Time Protocol (NTP). NTP is an Internet protocol that synchronizes computer clocks across the Internet and helps to determine when events happened between systems. NTP works by a client requesting the current time from an NTP server and then using the server's response to set its own clock. Afterward, your computer is accurately synced with networked time servers.

  1. Install the NTP daemon:
    sudo pacman -S ntp
  2. Enable NTP:
    sudo timedatectl set-ntp true

NTP synchronization is now active on your server. This means your system will adjust the time throughout the day to match up with global NTP servers.

Next steps

If you like this configuration, you can take a server snapshot to use as a guide for setting up future installations.

Also, consider adding swap space. Adding swap space is an easy way to increase cloud server performance and is particularly helpful if you host databases on your system.

